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Shamir’s (,k) threshold scheme is based on the mathematical concepts of polynomial 
interpolation and modular arithmetic.’ A polynomial equation is a function in one variable (here, 
the variable is x) with the following form: 

f(x)=a0 + ax + aox* +azxt.... agrk 
The largest power of x (here, k) is the “degree” of the polynomial. A polynomial function in one 
variable can be plotted as a curve in a two-dimensional coordinate plane. For example, a 
polynomial function of degree 1| plots as a straight line. A polynomial function of degree 2 (also 
known as a quadratic function) plots as a parabola. The precise shape of the curve depends on the 
coefficients assigned to the powers of x (that is, the values for ao, a1, a2, etc.). Polynomial 
interpolation is the technique of computing these coefficients so that the curve passes through a 
known set of points in a plane.” 

Modular arithmetic, sometimes known as “clock arithmetic,” can be thought of as the 
mathematics of remainders.? For example, on a clock, the only numbers that represent the hours 
of the day are 1-12. After the 12™ hour of the day, we restart the count with the number | (which 


is the remainder after deducting 12 from 13). No number greater than 12 exists in this system. In 


mathematical terms, the number that comes after 12 is not 13 (because 13 does not exist); it is “1 


1 Adi Shamir, How to Share a Secret, Communications of the ACM, Vol 22, No. 11 (November 
1979), p. 613. 


? MIT OpenCourseWare. Lecture notes to Chapter 3 of Numerical Analysis (Course 18.330), p.1 
(“Interpolation is the problem of fitting a smooth curve through a given set of points, generally 
as the graph of a function.”). https://ocw.mit.edu/courses/mathematics/18-330-introduction-to- 
numerical-analysis-spring-2012/lecture-notes/MIT18_330S12 Chapter3.pdf. 








3 https://www.khanacademy.org/computing/computer- 
science/cryptography/modarithmetic/a/what-is-modular-arithmetic. 
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modulo 12” (abbreviated “1 mod 12”). This pattern repeats. So, the numbers that would otherwise 
correspond to 25, 37, 49, 61 etc. are all equivalent to 1 mod 12. 

Shamir’s (n,k) threshold scheme allows a person to use polynomial interpolation to encrypt 
a number in a way that can only be decrypted by simultaneously using multiple keys. The number 
of keys necessary for decryption is one more than the degree of the underlying polynomial. 
Therefore, for a linear function (degree 1), two keys are necessary. For a quadratic polynomial 
(degree 2), three keys are necessary. 

So, to require k keys, start with a polynomial of order k-1. Then, select a finite field of 
prime order p, where p is greater than k and greater than the secret number you are trying to hide.‘ 
Here’s an example. Use the quadratic polynomial f(x)= ao + aix + ax’ over the finite field 
consisting of the integers less than or equal to 4 — {0,1,2,3,4}. This field is denoted Fs. 

(1) Set ao equal to the number you want to hide. Here, we will designate “3” as the 

hidden data. 

(2) Assign an integer coefficient of your choice from the finite field to each of the other 

“a” terms of the polynomial. We assign ai=2 and a2=1, which gives the polynomial 
function: f(x)= 3 + 2x + x’ 


(3) Compute f(x) for at least k values of x, where x is not equal to zero: 


Ex: for x=1 f(x)=6, which is 1 mod 5 
for x=2 f(x)=11, which is 1 mod 5 
for x=3 f(x)=18, which is also 3 mod 5 
for x=4 f(x)=27, which is 2 mod 5 


(4) Designate the ordered pairs corresponding to (x, f(x)): 


qd, 1) ie., when x=1, f(x) is 1 mod 5 
(2, 1) ie., when x=2, f(x) is 1 mod 5 


* A finite field is a type of alegebraic structure. The number of elements of the field is its “order.” 
The order of a finite field must be a prime number or a power of a prime (usually represented as 
p). Michael Artin, Algebra, 1‘' Ed. (1991) p. 510, theorem 6.4. 
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(3, 3) ie., when x=3, f(x) is 3 mod 5 
(4, 2) ie., when x=4, f(x) is 2 mod 5 


The ordered pairs (1, 1), (2,1), (3,3), and (4,2) are the decryption keys. Anyone who has 3 or more 
of these keys can compute the hidden value of ao by plugging in the values of x and f(x), then 
solving the simultaneous equations: 

For (1,1), the polynomial becomes: 1= ao + ai + a2 

For (3,3), the polynomial becomes: 3= ao + 3a; + 9a2 which is equivalent to 3= ao + 3a; + 
4a. mod 5 

For (4,2), the polynomial becomes: 2= ao + 4a; + 16a2, which is equivalent to 2= ao + 4a1 
+ a2, mod 5 

You now have three equations in three variables, which can be solved using simple linear 


algebra.> The solution gives ao=3, which is the number we wanted to encrypt. 


> See generally, Gilbert Strang, Introduction to Linear Algebra, 4" Edition, (2009), Chapter 2 
(explaining how to solve a system of linear equations). 
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